Netgate Discussion Forum

    Filter reload causes CPU and latency spike

      nsmhd

      I have managed to track down what was causing issues with CPU and latency whenever any of my WireGuard tunnels came up/down (posted in the WG section).
      It is caused by the filter reload action, as I am able to reproduce the issue by triggering a filter reload from the Diagnostics menu.

      The filter reload causes
      CPU spike
      Latency spike both RTT and RTTsd on all interfaces

      The result is that Teams/VOIP/WiFi calling calls freeze/drop, streaming services buffer, and other symptoms you would expect.

      This is very similar to issues reported a few years ago; see these threads:
      https://forum.netgate.com/topic/169955/latency-spikes-during-filter-reload-ce-2-6-0/25
      https://redmine.pfsense.org/issues/12827
      https://forum.netgate.com/topic/151819/2-4-5-high-latency-and-packet-loss-not-in-a-vm/76
      https://forum.netgate.com/topic/149595/2-4-5-a-20200110-1421-and-earlier-high-cpu-usage-from-pfctl/76?_=1759823899870

      I have tried a couple of the things people used then as workarounds, like commenting out the keepcounters line and disabling kern smp, but neither helped, and neither did disabling block bogon network on all interfaces.

      I have pfSense + running on a Sophos XG 430 Rev2,
      running the latest version, 25.07.1.
      I have pfBlockerNG with GEO blocking set up.

      Anyone else seeing this behaviour still?

        nsmhd @nsmhd

        Just been doing further testing: disabling SMP via boot loader conf, as per the 2020 threads, does help.

        I now just get split-second interruptions to Teams calls rather than minute-long ones and network dropouts.
        And also just a couple of spikes in latency.

        CPU does spike to 55% but it is now running on one core only due to disabling SMP.

        So it does look very similar to the bug reported in 2020. Anyone else seeing this behaviour?

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.